Hello community,
here is the log from the commit of package apparmor-profiles
checked in at Thu Nov 6 00:08:41 CET 2008.
--------
--- apparmor-profiles/apparmor-profiles.changes 2008-10-14 17:58:34.000000000 +0200
+++ /mounts/work_src_done/STABLE/apparmor-profiles/apparmor-profiles.changes 2008-11-05 17:10:33.975819000 +0100
@@ -1,0 +2,21 @@
+Wed Nov 5 17:09:44 CET 2008 - jjohansen@suse.de
+
+- fixes for
+ bnc#405317 - nscd needs to read /etc/netgroupbnc#436849 Not able to start
+ "syslog" service on a QS21 diskless machine
+ bnc#421728 - AppArmor prevents some network utilities from accessing
+ avahi-daemon socket
+ bnc#344376 - Default apparmor profile for nscd should include rights to
+ /var/log/nscd.log
+ bnc#405317 - nscd needs to read /etc/netgroup
+ bnc#425041 - AppArmor disallows "/sbin/syslog-ng" to access "/dev/syslog"
+ bnc#436262 - Firefox profiles do not work with current Firefox
+- apply previous patch files against upstream profiles (now in tarball)
+ usr.bin.opera-bnc#307365.patch
+ sbin.syslogd-bnc#33144.patch
+ sbin.syslog-ng-bnc#334557.patch
+ usr.sbin.ntpd-bnc#230700.patch
+ ntp-chroot-bnc#256291.patch
+ ntp-dac_override-pidfile.patch
+ usr.sbin.ntpd-bnc#433368#402693.patch
+
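Review bot: The first bug line under "fixes for" runs two entries together ("/etc/netgroupbnc#436849 Not able to start ...") and bnc#405317 is then listed a second time further down. Put bnc#436849 on its own line and drop the duplicate bnc#405317 entry; the same text is repeated in the spec %changelog and needs the same fix there.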
calling whatdependson for head-i586
Old:
----
apparmor-profiles-2.3-1112.tar.gz
ntp-chroot-bnc#256291.patch
ntp-dac_override-pidfile.patch
sbin.syslogd-bnc#33144.patch
sbin.syslog-ng-bnc#334557.patch
usr.bin.opera-bnc#307365.patch
usr.sbin.ntpd-bnc#230700.patch
usr.sbin.ntpd-bnc#433368#402693.patch
New:
----
apparmor-profiles-2.3-1318.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apparmor-profiles.spec ++++++
--- /var/tmp/diff_new_pack.j13668/_old 2008-11-06 00:05:41.000000000 +0100
+++ /var/tmp/diff_new_pack.j13668/_new 2008-11-06 00:05:41.000000000 +0100
@@ -24,9 +24,9 @@
%endif
Summary: AppArmor profiles that are loaded into the apparmor kernel module
Version: 2.3
-Release: 39
+Release: 40
Group: Productivity/Security
-Source0: %{name}-%{version}-1112.tar.gz
+Source0: %{name}-%{version}-1318.tar.gz
License: GPL v2 or later
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url: http://forge.novell.com/modules/xfmod/project/?apparmor
@@ -34,13 +34,6 @@
BuildArch: noarch
Obsoletes: subdomain-profiles
Provides: subdomain-profiles
-Patch0: usr.bin.opera-bnc#307365.patch
-Patch1: sbin.syslogd-bnc#33144.patch
-Patch2: sbin.syslog-ng-bnc#334557.patch
-Patch3: usr.sbin.ntpd-bnc#230700.patch
-Patch4: ntp-chroot-bnc#256291.patch
-Patch5: ntp-dac_override-pidfile.patch
-Patch6: usr.sbin.ntpd-bnc#433368#402693.patch
# hrm, still need to enumerate each directory in these paths in files :(
%define extras_dir %{_sysconfdir}/apparmor/profiles/extras/
%define profiles_dir %{_sysconfdir}/apparmor.d/
@@ -64,13 +57,6 @@
%prep
%setup -q
-%patch0 -p2
-%patch1 -p2
-%patch2 -p2
-%patch3 -p2
-%patch4 -p2
-%patch5 -p0
-%patch6 -p1
%build
# nothing to do here
@@ -98,6 +84,25 @@
%preun
%changelog
+* Wed Nov 05 2008 jjohansen@suse.de
+- fixes for
+ bnc#405317 - nscd needs to read /etc/netgroupbnc#436849 Not able to start
+ "syslog" service on a QS21 diskless machine
+ bnc#421728 - AppArmor prevents some network utilities from accessing
+ avahi-daemon socket
+ bnc#344376 - Default apparmor profile for nscd should include rights to
+ /var/log/nscd.log
+ bnc#405317 - nscd needs to read /etc/netgroup
+ bnc#425041 - AppArmor disallows "/sbin/syslog-ng" to access "/dev/syslog"
+ bnc#436262 - Firefox profiles do not work with current Firefox
+- apply previous patch files against upstream profiles (now in tarball)
+ usr.bin.opera-bnc#307365.patch
+ sbin.syslogd-bnc#33144.patch
+ sbin.syslog-ng-bnc#334557.patch
+ usr.sbin.ntpd-bnc#230700.patch
+ ntp-chroot-bnc#256291.patch
+ ntp-dac_override-pidfile.patch
+ usr.sbin.ntpd-bnc#433368#402693.patch
* Tue Oct 14 2008 varkoly@suse.de
- patch ntp und xad profile bnc#402693 and bnc#433368
* Wed Aug 06 2008 ro@suse.de
@@ -107,7 +112,7 @@
- patch sbin.syslogd to allow locking of log file bnc#33144
- patch sbin.syslog-ng bnc#334557
- patch ntp profile bnc#230700 and bnc#256291
-* Tue Apr 08 2008 jjohansen@suse.de
+* Mon Apr 07 2008 jjohansen@suse.de
- Bump version to 2.3 in preparation for AppArmor 2.3 code drop
* Tue Mar 25 2008 varkoly@suse.de
- Bug 333525 - xntp ntpd does not work with ipv6 servers
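Review bot: The header `* Tue Apr 08 2008` is rewritten to `* Mon Apr 07 2008`, and the later changelog hunks move other historical entries back by one day in the same way, with nothing in the new changelog entry explaining it. If this comes from regenerating the spec changelog with a different time zone, say so in the commit; otherwise leave released entries untouched.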
@@ -144,7 +149,7 @@
- Updated profiles for network toggle mediation
- Added profile for avahi-daemon
- Added profile for cupsd to extras
-* Tue Jun 12 2007 srarnold@suse.de
+* Mon Jun 11 2007 srarnold@suse.de
- Postfix directories to new syntax
* Mon Jun 11 2007 srarnold@suse.de
- Remove /usr/X11R6 references
@@ -157,7 +162,7 @@
- Update to newer evolution version numbers
- Rename ethereal -> wireshark
- Create 64 bit version of gconfd-2
-* Wed Jun 06 2007 srarnold@suse.de
+* Tue Jun 05 2007 srarnold@suse.de
- Updates to ntpd from Mathias Gug
* Sat Jun 02 2007 srarnold@suse.de
- Updates to ntpd and klogd from Mathias Gug
@@ -166,17 +171,17 @@
- Really check in Marius's update to syslog-ng.
* Tue May 29 2007 srarnold@suse.de
- small update from Marius Tomaschewski for syslog-ng
-* Sat May 26 2007 srarnold@suse.de
+* Fri May 25 2007 srarnold@suse.de
- replace /proc/ with @{PROC} from sbeattie
-* Wed May 23 2007 srarnold@suse.de
+* Tue May 22 2007 srarnold@suse.de
- Bug 265775 - changes for kerberosclient profile
[updated the abstraction]
* Thu May 17 2007 srarnold@suse.de
- Bug 267933 - audit message about /var/lib/ntp/drift/ntp.drift.TEMP
-* Thu May 17 2007 srarnold@suse.de
+* Wed May 16 2007 srarnold@suse.de
- remove named (bind) and openldap (slapd) profiles, as they have been
moved into their respective packages
-* Sat Apr 21 2007 srarnold@suse.de
+* Fri Apr 20 2007 srarnold@suse.de
- reorganize the tarball to match on-disk layout
* Fri Apr 13 2007 sbeattie@suse.de
- Update/re-enable some profiles for dir handling changes
@@ -201,14 +206,14 @@
- new (extras) profile for passwd
- xntpd W32Time authentication support
- named gss-tsig authentication support
-* Thu Jan 04 2007 srarnold@suse.de
+* Wed Jan 03 2007 srarnold@suse.de
- extras/ fixes from Volker Kuhlmann
- sshd loginuid
- apache certs/keys
- postfix with permissions=paranoid
-* Tue Dec 12 2006 srarnold@suse.de
+* Mon Dec 11 2006 srarnold@suse.de
- Newer postfix uses a session cache for TLS
-* Tue Nov 28 2006 srarnold@suse.de
+* Mon Nov 27 2006 srarnold@suse.de
- Bug 220331 - syslog-ng cannot log news messages
- capability fowner, to change uid/gid of logfiles
- make /dev/log dependency explicit
@@ -219,7 +224,7 @@
- Bug 221567 - apparmor causes kernel lockup if there is any audit backlog
- remove netstat profile as it will trigger this bug easily
- Bug 221111 - ntpd needs access to /proc/net/if_inet6
-* Tue Nov 14 2006 srarnold@suse.de
+* Mon Nov 13 2006 srarnold@suse.de
- Bug 219583 - rejecting w access for syslog-ng
add /var/lib/*/dev/log access for chroot'd applications
- Bug 202095 - useradd / userdel profiles incomplete
@@ -254,7 +259,7 @@
/lib/ld-2.4 -- s390x, ppc, ppc64, too
- Bug 172670 - postfix doesn't deliver mails anymore after update from
SLES9
-* Thu May 04 2006 srarnold@suse.de
+* Wed May 03 2006 srarnold@suse.de
- Bug 167798 - misc profile modifications from darix
- mlmmj, lighttpd, oidentd profiles in extras/
- new postfix helpers
@@ -294,7 +299,7 @@
* Wed Apr 05 2006 varkoly@suse.de
- Fix for posfix/smtpd postfix/smtp
- New file usr.lib.postfix.anvil
-* Wed Apr 05 2006 srarnold@suse.de
+* Tue Apr 04 2006 srarnold@suse.de
- Fix for postfix/sasl (#159667)
- Fix for NIS/portmapper nameservice capabilities
* Mon Apr 03 2006 dreynolds@suse.de
++++++ apparmor-profiles-2.3-1112.tar.gz -> apparmor-profiles-2.3-1318.tar.gz ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.3/apparmor/profiles/extras/usr.bin.opera new/apparmor-profiles-2.3/apparmor/profiles/extras/usr.bin.opera
--- old/apparmor-profiles-2.3/apparmor/profiles/extras/usr.bin.opera 2008-02-19 11:32:28.000000000 +0100
+++ new/apparmor-profiles-2.3/apparmor/profiles/extras/usr.bin.opera 2008-06-11 23:19:36.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: usr.bin.opera 1101 2008-02-19 10:32:28Z jrjohansen $
+# $Id: usr.bin.opera 1290 2008-06-11 21:19:36Z jrjohansen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -9,9 +9,7 @@
#
# ------------------------------------------------------------------
# vim:syntax=apparmor
-# Last Modified: Thu Aug 25 14:49:56 2005
-# Last Modified: Tue Sep 11 20:27:42 2007
#include
/usr/bin/opera {
#include
@@ -35,23 +33,27 @@
/etc/cups/lpoptions r,
/etc/opera6rc rw,
/etc/opera6rc.fixed rw,
- /opt r,
@{PROC}/[0-9]*/stat r,
@{PROC}/net/if_inet6 r,
@{PROC}/sys/vm/heap-stack-gap r,
+ @{HOME} r,
@{HOME}/.fonts.cache-* r,
@{HOME}/.fonts r,
@{HOME}/.fonts/** r,
- @{HOME} r,
@{HOME}/.kde/share/** r,
@{HOME}/OperaDownloads/* rw,
@{HOME}/.opera/** lrw,
@{HOME}/.opera r,
+ @{HOME}/tux/.fonts/ r,
+ @{HOME}/tux/.qt/.qtrx.lock k,
+ @{HOME}/tux/.opera/ w,
- /usr/share/** r,
- /usr r,
+ /opt/ r,
/opt/kde3/lib/kde3/plugins/integration/*.so mr,
+
+ /usr/ r,
+ /usr/share/** r,
/usr/bin/acroread rPx,
/usr/bin/opera r,
/usr/lib r,
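Review bot: The three added rules `@{HOME}/tux/.fonts/ r,`, `@{HOME}/tux/.qt/.qtrx.lock k,` and `@{HOME}/tux/.opera/ w,` hard-code a `tux` path component under `@{HOME}`, which looks like residue from profiling as one test user. If `@{HOME}` already stands for each user's home directory, these only match a `tux` subdirectory inside it and do nothing for other users. Write them without the `tux` component, or drop them where existing rules such as `@{HOME}/.fonts r,` and `@{HOME}/.opera/** lrw,` already cover the path.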
@@ -69,6 +71,6 @@
/usr/bin/opera mr,
/usr/lib/jvm/java-1.5.0-sun-1.5.0_update12/jre/lib/i386/*.so mr,
/usr/lib/jvm/java-1.5.0-sun-1.5.0_update12/jre/lib/i386/client/*.so mr,
-# /usr/lib/opera/9.23-20070809.6/opera px,
+ /usr/lib/opera/*/opera ix,
/usr/lib/opera/*/works ixr,
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.3/apparmor/profiles/extras/usr.lib.firefox.firefox.sh new/apparmor-profiles-2.3/apparmor/profiles/extras/usr.lib.firefox.firefox.sh
--- old/apparmor-profiles-2.3/apparmor/profiles/extras/usr.lib.firefox.firefox.sh 2007-05-16 23:55:13.000000000 +0200
+++ new/apparmor-profiles-2.3/apparmor/profiles/extras/usr.lib.firefox.firefox.sh 2008-11-05 17:00:39.000000000 +0100
@@ -1,35 +1,19 @@
-# vim:syntax=apparmor
-# Last Modified: Fri Feb 17 17:45:24 2006
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
+# Last Modified: Wed Nov 5 03:32:59 2008
#include
/usr/lib/firefox/firefox.sh {
#include
#include
#include
- #include
- /bin/basename mixr,
- /bin/bash mixr,
- /bin/gawk mixr,
- /bin/grep mixr,
+ deny capability sys_ptrace,
+
+ /bin/basename rix,
+ /bin/bash rix,
+ /bin/grep rix,
/etc/magic r,
- /usr/bin/file mixr,
- /usr/bin/which mixr,
- /usr/lib/firefox/* r,
-# the shell script relies on LD_PRELOAD.
- /usr/lib/firefox/firefox-bin px,
- /usr/lib/firefox/firefox.sh rmix,
-# the shell script relies on LD_PRELOAD.
- /usr/lib/firefox/mozilla-xremote-client px,
+ /usr/bin/file rix,
+ /usr/lib/firefox/firefox px,
/usr/share/misc/magic.mgc r,
+
}
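Review bot: `/usr/lib/firefox/firefox px,` replaces the two `px` rules for `firefox-bin` and `mozilla-xremote-client`, and a `px` transition needs a profile attached to the target path, yet no hunk in this diff adds or renames a profile for `/usr/lib/firefox/firefox`. Ship that profile in the same change or state which existing one covers it. The hunk also drops the copyright and GPL header and the `# vim:syntax=apparmor` line that the other profiles keep; restore them.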
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.3/apparmor.d/abstractions/aspell new/apparmor-profiles-2.3/apparmor.d/abstractions/aspell
--- old/apparmor-profiles-2.3/apparmor.d/abstractions/aspell 2007-08-28 02:49:51.000000000 +0200
+++ new/apparmor-profiles-2.3/apparmor.d/abstractions/aspell 2008-06-11 23:19:36.000000000 +0200
@@ -2,7 +2,7 @@
# aspell permissions
# per-user settings and dictionaries
- @{HOME}/.aspell.*.{pws,prepl} r,
+ @{HOME}/.aspell.*.{pws,prepl} rk,
# system libraries and dictionaries
/usr/lib/aspell/ r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.3/apparmor.d/abstractions/audio new/apparmor-profiles-2.3/apparmor.d/abstractions/audio
--- old/apparmor-profiles-2.3/apparmor.d/abstractions/audio 2007-08-28 02:49:51.000000000 +0200
+++ new/apparmor-profiles-2.3/apparmor.d/abstractions/audio 2008-06-11 23:19:36.000000000 +0200
@@ -1,4 +1,5 @@
-# $Id: audio 949 2007-08-28 00:49:51Z seth_arnold $
+# vim:syntax=apparmor
+# $Id: audio 1290 2008-06-11 21:19:36Z jrjohansen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -41,4 +42,4 @@
@{HOME}/.esd_auth r,
@{HOME}/.asoundrc r,
-/etc/esd.conf r,
+/etc/esound/esd.conf r,
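Review bot: The last rule swaps `/etc/esd.conf r,` for `/etc/esound/esd.conf r,` instead of adding to it, so a confined program on a system that still keeps the file at the old path loses read access. Keep both lines unless the old location is known to be gone on every supported release.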
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.3/apparmor.d/abstractions/base new/apparmor-profiles-2.3/apparmor.d/abstractions/base
--- old/apparmor-profiles-2.3/apparmor.d/abstractions/base 2007-08-28 02:49:51.000000000 +0200
+++ new/apparmor-profiles-2.3/apparmor.d/abstractions/base 2008-06-11 23:19:36.000000000 +0200
@@ -1,4 +1,5 @@
-# $Id: base 949 2007-08-28 00:49:51Z seth_arnold $
+# vim:syntax=apparmor
+# $Id: base 1290 2008-06-11 21:19:36Z jrjohansen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -27,6 +28,7 @@
/etc/localtime r,
/usr/share/locale/** r,
/usr/share/zoneinfo/** r,
+ /usr/share/X11/locale/** r,
/usr/lib64/locale/** mr,
/usr/lib32/gconv/*.so mr,
@@ -44,37 +46,41 @@
# available everywhere
/etc/ld.so.cache mr,
/lib/ld-*.so mrix,
- /lib64/ld-*.so mrix,
- /lib/ld64-*.so mrix,
- /lib64/ld64-*.so mrix,
/lib32/ld-*.so mrix,
+ /lib64/ld-*.so mrix,
/lib/ld32-*.so mrix,
+ /lib/ld64-*.so mrix,
/lib32/ld32-*.so mrix,
- /lib/tls/i686/cmov/ld-*.so mrix,
+ /lib64/ld64-*.so mrix,
+ /lib/tls/i686/{cmov,nosegneg}/ld-*.so mrix,
/opt/*-linux-uclibc/lib/ld-uClibc*so* mrix,
# we might as well allow everything to use common libraries
/lib/lib*.so* mr,
/lib32/lib*.so* mr,
/lib64/lib*.so* mr,
+
/lib/*/lib*.so* mr,
- /lib/tls/i686/cmov/lib*.so* mr,
- /usr/lib/** r,
+ /lib32/*/lib*.so* mr,
/lib64/*/lib*.so* mr,
+
+ /usr/lib/** r,
/usr/lib/*.so* mr,
- /usr/lib/*/lib*.so* mr,
+ /usr/lib/**/lib*.so* mr,
+
/usr/lib32/** r,
/usr/lib32/*.so* mr,
+ /usr/lib32/**/lib*.so* mr,
+
/usr/lib64/** r,
- /lib64/lib*.so* mr,
- /lib64/*/lib*.so* mr,
/usr/lib64/*.so* mr,
- /usr/lib64/*/lib*.so* mr,
+ /usr/lib64/**/lib*.so* mr,
+
/usr/lib/sasl2/*.so* mr,
- /usr/lib/**/lib*.so* mr,
- /usr/lib32/*/lib*.so* mr,
+ /usr/lib32/sasl2/*.so* mr,
/usr/lib64/sasl2/*.so* mr,
+ /lib/tls/i686/{cmov,nosegneg}/lib*.so* mr,
# /dev/null is pretty harmless and frequently used
/dev/null rw,
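Review bot: In the library block, `/usr/lib32/*/lib*.so* mr,` and `/usr/lib64/*/lib*.so* mr,` become `**` rules, which extends `m` (mmap with execute) from one directory level to the whole tree for every profile that includes the base abstraction. That is consistent with the `/usr/lib/**/lib*.so* mr,` rule that was already present, but it is a policy widening and the changelog entry does not mention it; add a line for it. The regrouping and the removal of the duplicated `/lib64/` rules look fine.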
@@ -94,3 +100,6 @@
@{PROC}/meminfo r,
@{PROC}/stat r,
@{PROC}/cpuinfo r,
+
+ # some applications will display license information
+ /usr/share/common-licenses/** r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.3/apparmor.d/abstractions/freedesktop.org new/apparmor-profiles-2.3/apparmor.d/abstractions/freedesktop.org
--- old/apparmor-profiles-2.3/apparmor.d/abstractions/freedesktop.org 2007-08-29 01:39:52.000000000 +0200
+++ new/apparmor-profiles-2.3/apparmor.d/abstractions/freedesktop.org 2008-06-11 23:19:36.000000000 +0200
@@ -6,6 +6,10 @@
/usr/share/icons/** r,
/usr/share/pixmaps/ r,
/usr/share/pixmaps/** r,
+ /usr/local/share/icons/ r,
+ /usr/local/share/icons/** r,
+ /usr/local/share/pixmaps/ r,
+ /usr/local/share/pixmaps/** r,
# this should probably go elsewhere
/usr/share/mime/* r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.3/apparmor.d/abstractions/gnome new/apparmor-profiles-2.3/apparmor.d/abstractions/gnome
--- old/apparmor-profiles-2.3/apparmor.d/abstractions/gnome 2007-08-28 02:49:51.000000000 +0200
+++ new/apparmor-profiles-2.3/apparmor.d/abstractions/gnome 2008-06-11 23:19:36.000000000 +0200
@@ -1,5 +1,5 @@
# vim:syntax=apparmor
-# $Id: gnome 949 2007-08-28 00:49:51Z seth_arnold $
+# $Id: gnome 1290 2008-06-11 21:19:36Z jrjohansen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -15,7 +15,6 @@
#include
#include
-
# systemwide gtk defaults
/etc/gnome/gtkrc* r,
/etc/gtk/* r,
@@ -51,6 +50,6 @@
/usr/share/**/icon-theme.cache r,
# gnome VFS modules
- /etc/gnome-vfs-2.0/modules r,
+ /etc/gnome-vfs-2.0/modules/ r,
/etc/gnome-vfs-2.0/modules/* r,
/usr/lib/gnome-vfs-2.0/modules/*.so mr,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.3/apparmor.d/abstractions/nameservice new/apparmor-profiles-2.3/apparmor.d/abstractions/nameservice
--- old/apparmor-profiles-2.3/apparmor.d/abstractions/nameservice 2007-08-24 02:22:06.000000000 +0200
+++ new/apparmor-profiles-2.3/apparmor.d/abstractions/nameservice 2008-06-11 23:19:36.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: nameservice 946 2007-08-24 00:22:06Z seth_arnold $
+# $Id: nameservice 1290 2008-06-11 21:19:36Z jrjohansen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -19,6 +19,7 @@
/etc/ldap.conf r,
/etc/ldap.secret r,
/etc/nsswitch.conf r,
+ /etc/gai.conf r,
/etc/passwd r,
/etc/protocols r,
@@ -31,12 +32,16 @@
/etc/services r,
# all openldap config
/etc/openldap/* r,
+ /etc/ldap/** r,
+ # db backend
+ /var/lib/misc/*.db r,
# The Name Service Cache Daemon can cache lookups, sometimes leading
# to vast speed increases when working with network-based lookups.
/var/run/.nscd_socket rw,
/var/run/nscd/socket rw,
/var/run/nscd/passwd rmix,
/var/run/nscd/group rmix,
+ /var/db/nscd/{passwd,group,services,hosts} r,
# nscd renames and unlinks files in it's operation that clients will
# have open
/var/run/nscd/db* rmix,
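Review bot: `/etc/ldap/** r,` is recursive, while the neighbouring `/etc/openldap/* r,` grants one directory level only. Every profile that includes nameservice inherits this read access, so use `/etc/ldap/* r,` unless a client is known to need files in subdirectories, and name that client in a comment.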
@@ -49,6 +54,9 @@
/usr/lib/libnss_*.so* mr,
/etc/default/nss r,
+ # avahi-daemon is used for mdns4 resolution
+ /var/run/avahi-daemon/socket w,
+
# nis
#include
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.3/apparmor.d/abstractions/python new/apparmor-profiles-2.3/apparmor.d/abstractions/python
--- old/apparmor-profiles-2.3/apparmor.d/abstractions/python 2007-08-29 02:05:56.000000000 +0200
+++ new/apparmor-profiles-2.3/apparmor.d/abstractions/python 2008-06-11 23:19:36.000000000 +0200
@@ -1,5 +1,5 @@
# vim:syntax=apparmor
-# $Id: python 951 2007-08-29 00:05:56Z seth_arnold $
+# $Id: python 1290 2008-06-11 21:19:36Z jrjohansen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -21,9 +21,10 @@
/usr/local/lib/python2.[45]/site-packages/ r,
# Site-wide configuration
- /etc/python2.[45]/site.py r,
+ /etc/python2.[45]/** r,
# python-central paths
+ /usr/share/pyshared/** r,
/usr/share/pycentral/** r,
/usr/share/python-support/** r,
/var/lib/python-support/** r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.3/apparmor.d/abstractions/wutmp new/apparmor-profiles-2.3/apparmor.d/abstractions/wutmp
--- old/apparmor-profiles-2.3/apparmor.d/abstractions/wutmp 2006-04-12 23:35:41.000000000 +0200
+++ new/apparmor-profiles-2.3/apparmor.d/abstractions/wutmp 2008-06-11 23:19:36.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: wutmp 12 2006-04-12 21:35:41Z steve-beattie $
+# $Id: wutmp 1290 2008-06-11 21:19:36Z jrjohansen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -15,4 +15,4 @@
# connection information
/var/log/lastlog rw,
/var/log/wtmp w,
- /var/run/utmp rw,
+ /var/run/utmp rwk,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.3/apparmor.d/abstractions/xad new/apparmor-profiles-2.3/apparmor.d/abstractions/xad
--- old/apparmor-profiles-2.3/apparmor.d/abstractions/xad 2007-04-11 01:05:33.000000000 +0200
+++ new/apparmor-profiles-2.3/apparmor.d/abstractions/xad 2008-11-05 15:23:25.000000000 +0100
@@ -1,4 +1,4 @@
-# $Id: xad 559 2007-04-10 23:05:33Z agruen $
+# $Id: xad 1316 2008-11-05 14:23:25Z jrjohansen $
# ------------------------------------------------------------------
#
# Copyright (C) 2007 Novell/SUSE
@@ -14,6 +14,11 @@
/opt/novell/xad/lib/gss/*.so* mr,
/opt/novell/lib/libpthread_ext*.so* mr,
/opt/novell/lib/libccs2.so* mr,
+ /opt/novell/xad/lib64/ r,
+ /opt/novell/xad/lib64/lib*.so* mr,
+ /opt/novell/xad/lib64/gss/*.so* mr,
+ /opt/novell/lib64/libpthread_ext*.so* mr,
+ /opt/novell/lib64/libccs2.so* mr,
/etc/opt/novell/xad/krb5.conf r,
/etc/opt/novell/nici.cfg r,
/var/opt/novell/nici/* r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.3/apparmor.d/sbin.klogd new/apparmor-profiles-2.3/apparmor.d/sbin.klogd
--- old/apparmor-profiles-2.3/apparmor.d/sbin.klogd 2007-08-07 15:26:21.000000000 +0200
+++ new/apparmor-profiles-2.3/apparmor.d/sbin.klogd 2008-06-11 23:19:36.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: sbin.klogd 888 2007-08-07 13:26:21Z DominicReynolds_ $
+# $Id: sbin.klogd 1290 2008-06-11 21:19:36Z jrjohansen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -18,6 +18,7 @@
/boot/System.map* r,
@{PROC}/kmsg r,
+ @{PROC}/kallsyms r,
/sbin/klogd rmix,
/var/log/boot.msg rwl,
/var/run/klogd.pid krwl,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.3/apparmor.d/sbin.syslogd new/apparmor-profiles-2.3/apparmor.d/sbin.syslogd
--- old/apparmor-profiles-2.3/apparmor.d/sbin.syslogd 2007-04-11 01:05:33.000000000 +0200
+++ new/apparmor-profiles-2.3/apparmor.d/sbin.syslogd 2008-06-11 23:19:36.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: sbin.syslogd 559 2007-04-10 23:05:33Z agruen $
+# $Id: sbin.syslogd 1290 2008-06-11 21:19:36Z jrjohansen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -19,6 +19,8 @@
capability sys_tty_config,
capability dac_override,
capability dac_read_search,
+ capability setuid,
+ capability setgid,
/dev/log wl,
/var/lib/*/dev/log wl,
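Review bot: `capability setuid,` and `capability setgid,` are added next to `dac_override` and `dac_read_search` without a comment, and nothing in the hunk or the changelog entry says which of the listed bugs they belong to. Add a comment stating which syslogd behaviour needs to change uid/gid, or leave the two capabilities out.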
@@ -28,7 +30,7 @@
/etc/syslog.conf r,
/sbin/syslogd rmix,
/var/log/** rw,
- /var/run/syslogd.pid rwl,
+ /var/run/syslogd.pid krwl,
/var/run/utmp rw,
/var/spool/compaq/nic/messages_fifo rw,
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.3/apparmor.d/sbin.syslog-ng new/apparmor-profiles-2.3/apparmor.d/sbin.syslog-ng
--- old/apparmor-profiles-2.3/apparmor.d/sbin.syslog-ng 2008-02-19 11:35:19.000000000 +0100
+++ new/apparmor-profiles-2.3/apparmor.d/sbin.syslog-ng 2008-11-05 15:53:00.000000000 +0100
@@ -12,6 +12,9 @@
#include
+#define this to be where syslog-ng is chrooted
+@{CHROOT_BASE}=""
+
/sbin/syslog-ng {
#include
#include
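Review bot: `@{CHROOT_BASE}=""` is defined inside the profile file, so an administrator who sets the chroot path has to edit a packaged profile, whereas this same change puts `@{NTPD_DEVICE}` in a separate tunables/ntpd file. Move the variable to a tunables file of its own. The comment `#define this to be where syslog-ng is chrooted` also reads like a preprocessor directive; write it as `# define this ...`.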
@@ -24,15 +27,19 @@
capability sys_tty_config,
/dev/log w,
+ /dev/syslog w,
/dev/tty10 rw,
/dev/xconsole rw,
/etc/syslog-ng/* r,
+ @{PROC}/kmsg r,
/etc/hosts.deny r,
/etc/hosts.allow r,
/sbin/syslog-ng mr,
# chrooted applications
- /var/lib/*/dev/log w,
- /var/log/** w,
- /var/run/syslog-ng.pid krw,
+ @{CHROOT_BASE}/var/lib/*/dev/log w,
+ @{CHROOT_BASE}/var/lib/syslog-ng/syslog-ng.persist rw,
+ @{CHROOT_BASE}/var/log/** w,
+ @{CHROOT_BASE}/var/run/syslog-ng.pid krw,
+
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.3/apparmor.d/tunables/ntpd new/apparmor-profiles-2.3/apparmor.d/tunables/ntpd
--- old/apparmor-profiles-2.3/apparmor.d/tunables/ntpd 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.3/apparmor.d/tunables/ntpd 2008-11-05 15:23:25.000000000 +0100
@@ -0,0 +1,15 @@
+# Last Modified: Thu Aug 2 14:37:03 2007
+# $Id: usr.sbin.ntpd 1102 2008-02-19 10:35:19Z jrjohansen $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#Add your ntpd devices here eg. if you have a DCF clock
+# @{NTPD_DEVICE}=/dev/ttyS*
+@{NTPD_DEVICE}="/dev/tty10"
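Review bot: The default `@{NTPD_DEVICE}="/dev/tty10"` combines with the new `@{NTPD_DEVICE} rw,` rule in usr.sbin.ntpd to give ntpd read/write access to a virtual terminal on every install, although the comment describes the variable as being for clock devices such as `/dev/ttyS*`. Say why tty10 is the default, or pick a value that grants nothing until the administrator sets it. The `$Id: usr.sbin.ntpd 1102 ...` and `Last Modified` header lines are copied from the ntpd profile and should name this file.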
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.3/apparmor.d/usr.sbin.nscd new/apparmor-profiles-2.3/apparmor.d/usr.sbin.nscd
--- old/apparmor-profiles-2.3/apparmor.d/usr.sbin.nscd 2008-02-19 11:35:19.000000000 +0100
+++ new/apparmor-profiles-2.3/apparmor.d/usr.sbin.nscd 2008-11-05 13:03:29.000000000 +0100
@@ -1,5 +1,5 @@
# Last Modified: Wed Aug 15 10:55:46 2007
-# $Id: usr.sbin.nscd 1102 2008-02-19 10:35:19Z jrjohansen $
+# $Id: usr.sbin.nscd 1313 2008-11-05 12:03:29Z jrjohansen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -22,6 +22,7 @@
network inet dgram,
network inet stream,
+ /etc/netgroup r,
/etc/nscd.conf r,
/tmp/.winbindd/pipe rw,
/usr/sbin/nscd rmix,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.3/apparmor.d/usr.sbin.ntpd new/apparmor-profiles-2.3/apparmor.d/usr.sbin.ntpd
--- old/apparmor-profiles-2.3/apparmor.d/usr.sbin.ntpd 2008-02-19 11:35:19.000000000 +0100
+++ new/apparmor-profiles-2.3/apparmor.d/usr.sbin.ntpd 2008-11-05 15:23:25.000000000 +0100
@@ -1,5 +1,5 @@
# Last Modified: Thu Aug 2 14:37:03 2007
-# $Id: usr.sbin.ntpd 1102 2008-02-19 10:35:19Z jrjohansen $
+# $Id: usr.sbin.ntpd 1316 2008-11-05 14:23:25Z jrjohansen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -11,11 +11,13 @@
# ------------------------------------------------------------------
#include
+#include
/usr/sbin/ntpd {
#include
#include
#include
+ capability dac_override,
capability ipc_lock,
capability net_bind_service,
capability setgid,
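Review bot: `capability dac_override,` lets ntpd bypass file permission checks altogether, and the patch name `ntp-dac_override-pidfile.patch` in the changelog suggests it is only needed for the pid file. Add a comment tying the capability to that case, and consider fixing the pid file's ownership or location instead so the capability can be dropped.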
@@ -32,10 +34,12 @@
/drift/ntp.drift.TEMP rwl,
/etc/ntp.conf r,
/etc/ntp/drift* rwl,
- /etc/ntp/keys r,
+ /etc/ntp.keys r,
/etc/ntp/step-tickers r,
/etc/ntpd.conf r,
/etc/ntpd.conf.tmp r,
+ /etc/gai.conf r,
+
/tmp/ntp* rwl,
/usr/sbin/ntpd rmix,
/var/lib/ntp/drift rwl,
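Review bot: `/etc/ntp/keys r,` is replaced by `/etc/ntp.keys r,` rather than kept beside it, so an existing configuration that points at the old keys path is denied after the update. Keep both rules, or note in the changelog that the old location is no longer supported.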
@@ -54,5 +58,12 @@
/var/run/nscd/services r,
/var/run/ntpd.pid w,
/var/tmp/ntp* rwl,
- @{PROC}/net/if_inet6 r,
+ @{PROC}/*/net/if_inet6 r,
+ @{PROC}/*/sys/kernel/ngroups_max r,
+
+ # allow access for when chrooted
+ /var/lib/ntp/@{PROC}/*/net/if_inet6 r,
+ /var/lib/ntp/@{PROC}/*/sys/kernel/ngroups_max r,
+
+ @{NTPD_DEVICE} rw,
}
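Review bot: `@{PROC}/net/if_inet6 r,` is replaced by `@{PROC}/*/net/if_inet6 r,`, so the path without a per-process component is no longer allowed; keep the old rule alongside the new one unless every supported kernel reports the per-process path. In the chroot rules, `/var/lib/ntp/@{PROC}/...` hard-codes the chroot directory; a variable would let it follow the configured chroot, as `@{CHROOT_BASE}` does for syslog-ng in this same change.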
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.3/apparmor-profiles.spec new/apparmor-profiles-2.3/apparmor-profiles.spec
--- old/apparmor-profiles-2.3/apparmor-profiles.spec 2008-04-07 21:47:18.000000000 +0200
+++ new/apparmor-profiles-2.3/apparmor-profiles.spec 2008-11-05 17:00:12.000000000 +0100
@@ -23,10 +23,10 @@
Summary: AppArmor profiles
Name: apparmor-profiles
-Version: 2.3
-Release: 1112
+Version: 2.3.1
+Release: 1318
Group: Productivity/Security
-Source0: %{name}-%{version}-1112.tar.gz
+Source0: %{name}-%{version}-1318.tar.gz
License: GPL
BuildRoot: %{?_tmppath:}%{!?_tmppath:/var/tmp}/%{name}-%{version}-build
Url: http://forge.novell.com/modules/xfmod/project/?apparmor
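Review bot: `Version:` becomes 2.3.1 here and in common/Make.rules, but the package spec earlier in this commit still has `Version: 2.3` and the tarball is still named apparmor-profiles-2.3-1318.tar.gz. Decide whether the package is 2.3 or 2.3.1 and make the three agree, so the RPM version tells users which profile set they have.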
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.3/common/Make.rules new/apparmor-profiles-2.3/common/Make.rules
--- old/apparmor-profiles-2.3/common/Make.rules 2008-04-07 21:37:57.000000000 +0200
+++ new/apparmor-profiles-2.3/common/Make.rules 2008-09-12 13:40:04.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: Make.rules 1182 2008-04-07 19:37:57Z jrjohansen $
+# $Id: Make.rules 1300 2008-09-12 11:40:04Z jrjohansen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -25,7 +25,7 @@
# directories
DISTRIBUTION=AppArmor
-VERSION=2.3
+VERSION=2.3.1
# OVERRIDABLE variables
# Set these variables before including Make.rules to change its behavior
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...